
5 comments

1 Dark_Falcon  Sat, Apr 13, 2013 1:05:59pm

The image that forms in my mind is of a huge number of infected machines merging to form one giant Devastator-type Transformer.

/More than meets the eye.

2 Charles Johnson  Sat, Apr 13, 2013 1:10:53pm

This could be very bad. Anyone who uses WordPress needs to make sure they’re using very strong passwords.

3 CuriousLurker  Sat, Apr 13, 2013 1:36:48pm

Ugh. We’ve created several sites using WP. I make a habit of using strong passwords when I install anything (learned the hard way), but I guess I’d better check with clients to make sure they haven’t changed anything.

Thanks for the heads-up.

4 Political Atheist  Sat, Apr 13, 2013 1:56:56pm

re: #2 Charles Johnson

re: #3 CuriousLurker

This leaves a lot of us users crossing our fingers and hoping our ISP people are on the ball. IIRC.

5 CuriousLurker  Sat, Apr 13, 2013 2:24:39pm

re: #3 CuriousLurker

Another good practice is to avoid using the default “super user” username which is often “admin”. As the article notes, this is being exploited:

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords.

Don’t make things easy for the bad guys.

Web sites, no matter how small or insignificant, are under constant attack. I have several personal sites that I don’t use much except for playing around, but just for shits & giggles one day I added some PHP to my 404 (not found) page to see which resources were being requested that were resulting in the 404 error.

There were numerous attacks every single day from all over the world. Luckily, my hosting company has pretty good security, and most of it looked like script kiddies trying to brute force their way in using common vulnerabilities, but still…it was an eye-opener.

On another domain I added an “admin” directory (e.g. mydomain.com/admin) with a fake login screen (no pwd or uname required) just to see if people would attempt to get in. Yep, they tried on a regular basis, though not as often as with the automated brute force attempts that target the commonly installed stuff.

Moral of the story: If you put something on the web, people WILL attempt to access it just because they can, so take precautions.

*steps down from pulpit*
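Added example, not part of the comment above or of the linked article: one way to get the same view the commenter describes (which missing resources are being probed, and who is hitting the WordPress login) by reading the web server's access log instead of adding PHP to the 404 page. The combined log format, the sample lines and the function name are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format (not real
# traffic; addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Apr/2013:13:01:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [13/Apr/2013:13:01:03 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "-"
198.51.100.4 - - [13/Apr/2013:13:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 1840 "-" "-"
198.51.100.9 - - [13/Apr/2013:13:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 1840 "-" "-"
198.51.100.4 - - [13/Apr/2013:13:02:12 +0000] "POST /wp-login.php HTTP/1.1" 200 1840 "-" "-"
192.0.2.55 - - [13/Apr/2013:13:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.55 - - [13/Apr/2013:13:05:01 +0000] "GET /favicon.ico?v=2 HTTP/1.1" 404 210 "-" "-"
garbage line that does not parse
"""

# client IP, two ignored fields, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def summarize(log_text):
    """Return (404 count per path, wp-login POST count per IP, unparsed lines)."""
    not_found = Counter()    # path -> number of 404 responses
    login_posts = Counter()  # client IP -> POSTs to wp-login.php
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1     # count malformed lines instead of silently dropping them
            continue
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if m.group("status") == "404":
            not_found[path] += 1
        if m.group("method") == "POST" and path.endswith("/wp-login.php"):
            login_posts[m.group("ip")] += 1
    return not_found, login_posts, skipped


if __name__ == "__main__":
    not_found, login_posts, skipped = summarize(SAMPLE_LOG)
    print("404s by path:", not_found.most_common())
    print("wp-login POSTs by source:", login_posts.most_common())
    print("login POSTs:", sum(login_posts.values()), "from", len(login_posts), "sources")
    print("unparsed lines:", skipped)
```

Because the attack quoted above is distributed, the total number of login POSTs and the number of distinct sources are more telling than any single address's count.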


This page has been archived.
Comments are closed.
